Vulnerabilities > IBM > Infosphere Information Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-24 | CVE-2024-40706 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | 4.3 |
| 2024-12-19 | CVE-2021-29827 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. | 5.2 |
| 2024-12-12 | CVE-2024-52901 | Improper Validation of Specified Quantity in Input vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. | 6.5 |
| 2024-12-11 | CVE-2023-23472 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | 6.5 |
| 2024-12-11 | CVE-2024-51460 | Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. | 4.3 |
| 2024-08-15 | CVE-2024-40704 | Insufficiently Protected Credentials vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2 IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. | 4.9 |
| 2024-08-15 | CVE-2024-40705 | Unspecified vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2 IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. | 6.5 |
| 2024-08-06 | CVE-2024-39751 | Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2024-07-24 | CVE-2024-37533 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. low complexity ibm | 4.6 |
| 2024-07-12 | CVE-2024-40690 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. | 5.4 |